IPF Logging packets Every 2-10 Seconds.

Stephan Weaver stephanweaver at hotmail.com
Wed Jun 29 13:37:26 GMT 2005 

if you carefully read this log line.
28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 ->
192.168.1.1,60271 PR tcp len 20 40 -AF IN

what it is saying, 201.238.78.59 on port 4550 wants to make a connection 
INTO my network.
now it is making this connection because one my my LAN users, is accssing 
that address.
eg, a Lan user types http://201.238.78.59:1080 [webcam port]
opens up the live view in the webcam. and in a response to that, the webcam 
sends a data/packets back to my LAN using the webcam data port instead. 
[4550]


>From: "fbsd_user" <fbsd_user at a1poweruser.com>
>Reply-To: <fbsd_user at a1poweruser.com>
>To: "Stephan Weaver" <stephanweaver at hotmail.com>
>Subject: RE: IPF Logging packets Every 2-10 Seconds.
>Date: Tue, 28 Jun 2005 16:40:48 -0400
>
>When you list the incore rules is rule number 28 the block all rule
>marking the end of the inbound section of your rules file?
>
>If yes, then you need to add a new pass in rule to allow port 4550
>in.
>Then the remote system will be able to access your webcam server on
>the firewall box.
>
>The short explanation about what you are doing makes all the
>difference in the kind of answer you get back.  Should have said
>that a long time ago.  This is different question that what the
>email subject says.
>
>-----Original Message-----
>From: Stephan Weaver [mailto:stephanweaver at hotmail.com]
>Sent: Tuesday, June 28, 2005 4:06 PM
>To: fbsd_user at a1poweruser.com
>Subject: RE: IPF Logging packets Every 2-10 Seconds.
>
>
>i Do understand what you are saying, but i BELEIVE my ruleset is in
>the
>wrong order or something is WRONG.
>look at this LOG for example
>28/06/2005 15:59:23.743138 vr0 @0:28 b 201.238.78.59,4550 ->
>192.168.1.1,60271 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:23.823647 vr0 @0:28 b 201.238.78.59,4550 ->
>192.168.1.1,60272 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.283051 vr0 @0:28 b 201.238.78.59,4550 ->
>192.168.1.1,60273 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.283423 vr0 @0:28 b 201.238.78.59,4550 ->
>192.168.1.1,60269 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.687274 vr0 @0:28 b 201.238.78.59,4550 ->
>192.168.1.1,60271 PR tcp len 20 40 -AF IN
>28/06/2005 15:59:24.865697 vr0 @0:28 b 201.238.78.59,4550 ->
>192.168.1.1,60273 PR tcp len 20 40 -AF IN
>
>
>
>right,
>now 201.238.78.59 is MY OTHER REMOTE server!
>and my WEBCAM software runs on port 4550.
>now that is being logged because, one of my lan users,
>is accessing 201.238.78.59:4550 via a webpage. but it shows in the
>logs.
>something is WRONG.
>i know what you are saying, but listen what I am saying....
>
>

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the freebsd-questions mailing list